Archive

Archive for the ‘Microsoft Cloud App Security’ Category

Forrester names Microsoft a Leader in 2020 Enterprise Detection and Response Wave

March 18th, 2020 No comments

I’m proud to announce that Microsoft is positioned as a Leader in The Forrester Wave™: Enterprise Detection and Response, Q1 2020. Among the Leaders in the report, Microsoft received the highest score in the current offering category. Microsoft also received the highest score of all participating vendors in the extended capabilities criteria. We believe Microsoft’s position as a Leader in this Forrester Enterprise Detection and Response Wave is not only a recognition of the value we deliver with our endpoint detection and response capabilities through Microsoft Defender Advanced Threat Protection (ATP), but recognition for our customers for their help in defining a market-leading product they really need and love using.

Microsoft Defender ATP, our endpoint protection solution, received the highest score possible (5 out of 5) in the endpoint telemetry, security analytics, threat hunting, ATT&CK mapping, and response capabilities criteria, as well in the Performance and Planned Enhancements criteria. The endpoint detection and response capabilities built into Microsoft Defender ATP empower defenders to achieve more and focus on remediating the threats that will have the biggest impact to their organization. Our broad and deep optics into the threat landscape and our built-in approach to security make our offerings unique.

The recently announced Microsoft Threat Protection, a solution that expands Microsoft Defender ATP from endpoint detection and response (EDR) to an extended detection and response (XDR) solution by combining our endpoint protection with protection for email and productivity tools (Office ATP), identity (Azure ATP), and cloud applications (Microsoft Cloud App Security), received the highest score of all participating vendors for its extended capabilities. As customers face cross-domain attacks, such as email phishing that leads to endpoint and identity compromise, Microsoft Threat Protection looks across these domains to understand the entire chain of events, identifies affected assets, like users, endpoints, mailboxes, and applications, and auto-heals them back to a safe state.

Microsoft is dedicated to protecting companies from real cyberattacks. We are focused on product excellence, innovation, and cutting-edge technology. The success of our customers is our highest priority, which is why we put such a strong emphasis on product excellence to translate the more than $1 billion a year investment, collaboration with over 100 Microsoft Intelligent Security Association (MISA) partners, and more than 3,500 security professionals into real, cloud-delivered protection for our customers. These partnerships, investments, and continuous innovation have led us to secure this leading spot as a provider that “matters most.”

For us, this latest recognition is a testament to our research and product teams’ ongoing commitment to provide our customers with an effective and comprehensive security solution and adds to a growing list of industry recognition of Microsoft Defender ATP.

This is our first time participating in this Forrester Enterprise Detection and Response Wave and we are truly excited to have been recognized as a Leader. It’s another proud milestone in our endpoint security journey with Microsoft Defender ATP and Microsoft Threat Protection to building an industry-leading endpoint and XDR solution that customers love.

Download this complimentary full report and read the analysis behind Microsoft’s positioning as a Leader.

For more information on our endpoint security platform, or to sign up for a trial, visit our Microsoft Defender ATP page.

 

The Forrester Wave™: Enterprise Endpoint Detection and Response, Q1 2020, Josh Zelonis, March 18, 2020.
This graphic was published by Forrester Research as part of a larger research document and should be evaluated in the context of the entire document. The Forrester document is available upon request from https://reprints.forrester.com/#/assets/2/108/RES146957/reports.

The post Forrester names Microsoft a Leader in 2020 Enterprise Detection and Response Wave appeared first on Microsoft Security.

Microsoft Security—a Leader in 5 Gartner Magic Quadrants

December 3rd, 2019 No comments

Gartner has named Microsoft Security a Leader in five Magic Quadrants. This is exciting news that we believe speaks to the breadth and depth of our security offerings. Gartner places vendors as Leaders who demonstrate balanced progress and effort in all execution and vision categories. This means that Leaders not only have the people and capabilities to deliver strong solutions today, they also understand the market and have a strategy for meeting customer needs in the future. Microsoft was identified as a Leader in the following five security areas:

  • Cloud Access Security Broker (CASB) solutions1
  • Access Management2
  • Enterprise Information Archiving3
  • Unified Endpoint Management (UEM) tools4
  • Endpoint Protection Platforms5

Given this, Microsoft Security doesn’t just deliver strong security products in five crucial security areas only. We provide a comprehensive set of security solutions that are built to work together, from identity and access management to threat protection to information protection and cloud security.

Our products integrate easily and share intelligence from the trillions of signals generated daily on the Microsoft Intelligent Security Graph. And they work with non-Microsoft solutions too. You can monitor and safeguard your assets across clouds—whether you use Microsoft Azure, Amazon Web Services, Slack, Salesforce, or all the above.

By unifying security tools, you get visibility into your entire environment across on-premises and the cloud, to better protect all your users, data, devices, and applications. Today, we’ll review the five areas where Microsoft is recognized as a Leader in security.

A Leader in CASB

Our cloud security solutions provide cross-cloud protection, whether you use Amazon Web Services, Azure, Google Cloud Platform—or all three. We also help you safeguard your data in third-party apps like Salesforce and Slack.

Gartner named Microsoft a Leader in CASB based on the ability to execute and completeness of vision. Cloud App Security provides rich visibility into your shadow IT, enables you to identify and remediate cloud native attacks, and allows you to control how your data travels across all your cloud apps—whether they’re from Microsoft or third-party applications.

As Gartner says in the CASB Magic Quadrant, “platforms from leading CASB vendors were born in the cloud and designed for the cloud. They have a deeper understanding of users, devices, applications, transactions, and sensitive data than CASB functions designed to be extensions of traditional network security and SWG security technologies.”

We work closely with customer to improve our products, which is one of the reasons our customer base for Cloud App Security continues to grow.

Gartner graph showing Microsoft as a Leader in Cloud App Security.

A Leader in Access Management

Azure Active Directory (Azure AD) is a universal identity and access management platform that provides the right people the right access to the right resources. It safeguards identities and simplifies access for users. Users sign in once with a single identity to access all the apps they need—whether they’re on-premises apps, Microsoft apps, or third-party cloud apps. Microsoft was recognized for high scores in market understanding and customer experience.

Gartner says, “Vendors that have developed Access Management as a service have risen in popularity. Gartner estimates that 90 percent or more of clients based in North America and approximately 65 percent in Europe and the Asia/Pacific region countries are also seeking SaaS-delivered models for new Access Management purchases. This demonstrates a preference for agility, quicker time to new features, elimination of continual software upgrades, reduction of supported infrastructure and other SaaS versus software benefits demonstrated in the market.”

Gartner graph showing Microsoft as a Leader in Access Management.

A Leader in Enterprise Information Archiving

Enterprise information archiving solutions help organizations archive emails, instant messages, SMS, and social media content. Gartner recognized us as a Leader in this Magic Quadrant based on ability to execute and completeness of vision.

Gartner estimates, “By 2023, 45 percent of enterprise customers will adopt an enterprise information archiving (EIA) solution to meet new requirements driven by data privacy regulations; this is a major increase from five percent in 2019.”

Gartner graph showing Microsoft as a Leader in Enterprise Information Archiving.

A Leader in Unified Endpoint Management (UEM)

Unified Endpoint Management (UEM) solutions provide a comprehensive solution to manage mobile devices and traditional endpoints, like PCs and Macs. Microsoft’s solution, Microsoft Intune, lets you securely support company-provided devices and bring your own device policies. You can even protect company apps and data on unmanaged devices. We have seen rapid growth in Intune deployments and expect that growth to continue.

Gartner noted that, “Leaders are identified as those vendors with strong execution and vision scores with products that exemplify the suite of functions that assist organizations in managing a diverse field of mobile and traditional endpoints. Leaders provide tools that catalyze the migration of PCs from legacy CMT management tools to modern, UEM-based management.”

Intune is built to work with other Microsoft 365 security solutions, such as Cloud App Security and Azure AD to unify your security approach across all your clouds and devices. As Gartner writes, “Achieving a truly simplified, single-console approach to endpoint management promises many operational benefits.”

Gartner graph showing Microsoft as a Leader in Unified Endpoint Management.

A Leader in Endpoint Protection Platforms

Our threat protection solutions provide tools to identify, investigate, and respond to threats across all your endpoints. Gartner named Microsoft a Leader for Endpoint Protection Platforms, recognizing our products and our strengths and ability to execute and completeness of vision. Azure Advanced Threat Protection (ATP) detects and investigates advanced attacks on-premises and in the cloud. Windows Defender Antivirus protects PCs against software threats like viruses, malware, and spyware across email, apps, the cloud, and the web.

Gartner says, “A Leader in this category will have broad capabilities in advanced malware protection, and proven management capabilities for large-enterprise accounts.”

Gartner graph showing Microsoft as a Leader in Endpoint Protection Platforms.

Learn more

Microsoft is committed to helping our customers digitally transform while providing the security solutions that enable them to focus on what they do best. Learn more about our comprehensive security solutions across identity and access management, cloud security, information protection, threat protection, and universal endpoint management by visiting our website.

1Gartner “Magic Quadrant for Cloud Access Security Brokers,” by Steve Riley, Craig Lawson, October 2019

2Gartner “Magic Quadrant for Access Management,” by Michael Kelley, Abhyuday Data, Henrique, Teixeira, August 2019

3Gartner “Magic Quadrant for Enterprise Information Archiving,” by Julian Tirsu, Michael Hoech, November 2019

4Gartner “Magic Quadrant for Unified Endpoint Management Tools,” by Chris Silva, Manjunath Bhat, Rich Doheny, Rob Smith, August 2019

5Gartner “Magic Quadrant for Endpoint Protection Platforms,” by Peter Firstbrook, Dionisio Zumerle, Prateek Bhajanka, Lawrence Pingree, Paul Webber, August 2019

These graphics were published by Gartner, Inc. as part of larger research documents and should be evaluated in the context of the entire document. The Gartner documents are available upon request from Microsoft. Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.

The post Microsoft Security—a Leader in 5 Gartner Magic Quadrants appeared first on Microsoft Security.

Changing security incident response by utilizing the power of the cloud—DART tools, techniques, and procedures: part 1

November 14th, 2019 No comments

This is the first in a blog series discussing the tools, techniques, and procedures that the Microsoft Detection and Response Team (DART) use to investigate cybersecurity incidents at our customer organizations. Today, we introduce the team and give a brief overview of each of the tools that utilize the power of the cloud. In upcoming posts, we’ll cover each tool in-depth and elaborate on techniques and procedures used by the team.

Key lessons learned from DART’s investigation evolution

DART’s investigation procedures and technology have evolved over 14 years of assisting our customers during some of the worst hack attacks on record. Tools have evolved from primarily bespoke (custom) tools into a blend of commercially available Microsoft detection solutions plus bespoke tools, most of which extend the core Microsoft detection capabilities. The team contributes knowledge and technology back to the product groups, who leverage that experience into our products, so our customers can benefit from our (hard-won) lessons learned during our investigations.

This experience means that DART’s tooling and communication requirements during incident investigations tend to be a bit more demanding than most in-house teams, given we’re often working with complex global environments. It’s not uncommon that an organization’s ability to detect and respond to security incidents is inadequate to cope with skilled attackers who will spend days and weeks profiling the organization and its employees. Consequently, we help organizations across many different industry verticals and from those experiences we have collated some key lessons:

  • Detection is critical (and weak)—One of the first priorities when the team engages to assist with an incident investigation at a customer site is to increase the detection capability of that organization. Over the years, we’ve seen that industry-wide detection has stayed the weakest of the Protect, Detect, Respond triad. While the average dwell time numbers are trending downward, it’s still measured in days (usually double digit numbers) and days of access to your systems is plenty of time to do massive damage.
  • Inadequate auditing—More often than not, DART finds that organizations don’t turn on auditing or have misconfigured auditing with the result that there is not a full record of attacker activities. See auditing best practices for Active Directory and Office 365. In addition, given the current prolific use of weaponized PowerShell scripts by attackers, we strongly recommend implementing PowerShell auditing.
  • Static plus active containment—Static containment (protection) controls can never be 100 percent successful against skilled human attackers, so we need to add in an active containment component that can detect and contain those attackers at the edge and as they move around the environment. This second part is crucial—as they move around the environment—we need to move away from the traditional mindset of “Time to Detect” and implement a “Time to Remediate” approach with active containment procedures to disrupt attackers’ abilities to realize their objective once in the environment. Of course, attackers that have been in the organization for a very long time require more involved investigation and planning for an eviction event to be successful and lessen any potential impact to the organization.

These lessons have significantly influenced the methodology and toolsets we use in DART as we engage with our customers. In this blog series, we’ll share lessons learned and best practices of organizations and incident responders to help ensure readiness.

Observe-Orient-Decide-Act (OODA) framework

Before we can act in any meaningful way, we need to observe attacker activities, so we can orient ourselves and decide what to do. Orientation is the most critical step in the Observe-Orient-Decide-Act (OODA) framework developed by John Boyd and overviewed in this OODA article. Wherever possible, the team will light up several tools in the organization, installing the Microsoft Management Agent (MMA) and trial versions of the Microsoft Threat Protection suite, which includes Microsoft Defender ATP, Azure ATP, Office 365 ATP, and Microsoft Cloud App Security (our Cloud Access Security Broker (CASB) solution named illustrated in Figure 1). Why? Because these technologies were developed specifically to form an end-to-end picture across the attacker cyber kill-chain framework (reference Lockheed Martin) and together work swiftly to gather indicators of anomaly, attack, and compromise necessary for successful blocking of the attacker.

The Microsoft ATP platform of tools are used extensively by the Microsoft Corporate IT security operations center (SOC) in our Cyber Defence Operations Center (CDOC), whose slogan is “Minutes Matter.” Using these technologies, the CDOC has dropped their time to remediate incidents from hours to minutes—a game changer we’ve replicated at many of our customers.

Microsoft Threat Protection

The Microsoft Threat Protection platform includes Microsoft Defender ATP, Azure ATP, Office 365 ATP, as well as additional services that strengthen security for specific attack vectors, while adding security for attack vectors that would not be covered by the ATP solutions alone. Read Announcing Microsoft Threat Protection for more information. In this blog, we focus on the tools that give DART a high return on investment in terms of speed to implement versus visibility gained.

Infographic showing maximum detection during attack stages, with Office 365 ATP, Azure AD Identity Protection, and Cloud App Security.

Figure 1. Microsoft Threat Protection and the cyber kill-chain.

Although the blog series discusses Microsoft technologies preferentially, the intent here is not to replicate data or signals—the team uses what the customer has—but to close gaps where the organization might be missing signal. With that in mind, let’s move on to a brief discussion of the tools.

Horizontal tools: Visibility across the cyber kill-chain

Horizonal tools include Azure Sentinel and Azure Security Center:

  • Azure Sentinel—New to DART’s arsenal is Azure Sentinel—the first cloud-native SIEM (security investigation and event management). Over the past few months, DART has deployed Azure Sentinel as a mechanism to combine the different signal sets in what we refer to as a SIEM and SOAR as a service. SOAR, which stands for security orchestration and automation, is indispensable in its capability to respond to attacker actions with speed and accuracy. Our intention is not to replicate a customer SIEM but to use the power of the cloud and machine learning to quickly combine alerts across the cyber kill-chain in a fusion model to lessen the time it takes an investigator to understand what the attacker is doing.

Importantly, machine learning gives DART the ability to aggregate diverse signals and get an end-to-end picture of what is going on quickly and to act on that information. In this way, information important to the investigation can be forwarded to the existing SIEM, allowing for efficient and speedy analysis utilizing the power of the cloud.

  • Azure Security Center—DART also onboards the organization into Azure Security Center, if not already enabled for the organization. This tool significantly adds to our ability to investigate and pivot across the infrastructure, especially given the fact that many organizations don’t yet have Windows 10 devices deployed throughout. Security Center also does much more with machine learning for next-generation detection and simplifying security management across clouds and platforms (Windows/Linux).

DART’s focus for the tool is primarily on the log analytics capabilities that allow us to pivot our investigation and, furthermore, utilize the recommended hardening suggestions during our rapid recovery work. We also recommend the implementation of Security Center proactively, as it gives clear security recommendations that an organization can implement to secure their on-premises and cloud infrastructures. See Azure Security Center FAQs for more information.

Vertical tools: Depth visibility in designated areas of the cyber kill-chain

Vertical tools include Azure ATP, Office 365 ATP, Microsoft Defender ATP, Cloud App Security, and custom tooling:

  • Azure ATP—The Verizon Data Breach Report of 2018 reported that 81 percent of breaches are caused by compromised credentials. Every incident that DART has responded to over the last few years has had some component of credential theft; consequently Azure ATP is one of the first tools we implement when we get to a site—before, if possible—to get insight into what users and entities are doing in the environment. This allows us to utilize built-in detections to determine suspicious behaviour, such as suspicious changes of identity metadata and user privileges.
  • Office 365 ATP—With approximately 90 percent of all attacks starting with a phishing email, having ways to detect when a phishing email makes it past email perimeter defences is critical. DART investigators are always interested in which mechanism the attacker compromised the environment—simply so we can be sure to block that vector. We use Office 365 ATP capabilities— such as security playbooks and investigation graphs—to investigate and remediate attacks faster.
  • Microsoft Defender ATP—If the organization has Windows 10 devices, we can implement Microsoft Defender ATP (previously Windows Defender ATP)—a cloud-based solution that leverages a built-in agent in Windows 10. Otherwise, we’ll utilize MMA to gather information from older versions of Windows and Linux machines and pull that information into our investigation. This makes it possible to detect attacker activities, aggregate this information, and prioritize the investigation of detected activity.
  • Cloud App SecurityCloud App Security is a multi-mode cloud access security broker that natively integrates with the other tools DART deploys, giving access to sophisticated analytics to identify and combat cyberthreats across the organizations. This allows us to detect any malicious activity using cloud resources that the attacker might be undertaking. Cloud App Security, combined with Azure ATP, allows us to see if the attacker is exfiltrating data from the organization, and also allows organizations to proactively determine and assess any shadow IT they may be unaware of.
  • Custom tooling—Bespoke custom tooling is deployed depending on attacker activities and the software present in the organization. Examples include infrastructure health-check tools, which allow us to check for any modification of Microsoft technologies—such as Active Directory, Microsoft’s public key infrastructure (PKI), and Exchange health (where Office 365 is not in use) as well as tools designed to detect use of specific specialist attack vectors and persistence mechanisms. Where machines are in frame for a deeper investigation, we normally utilize a tool that runs against a live machine to acquire more information about that machine, or even run a full disk acquisition forensic tool, depending on legal requirements.

Together, the vertical tools give us unparalleled view into what is happening in the organization. These signals can be collated and aggregated into both Security Center and Azure Sentinel, where we can pull other data sources as available to the organization’s SOC.

Figure 2 represents how we correlate the signal and utilize machine learning to quickly identify compromised entities inside the organization.

Infographic showing combined signals: Identity, Cloud Apps, Data, and Devices.

Figure 2. Combining signals to identify compromised users and devices.

This gives us a very swift way to bubble up anomalous activity and allows us to rapidly orient ourselves against attacker activity. In many cases, we can then use automated playbooks to block attacker activity once we understand the attacker’s tools, techniques, and procedures; but that will be the subject of another post.

Next up—how Azure Sentinel helps DART

Today, in Part 1 of our blog series, we introduced the suite of tools used by DART and the Microsoft CDOC to rapidly detect attacker activity and actions—because in the case of cyber incident investigations, minutes matter. In our next blog we’ll drill down into Azure Sentinel capabilities to highlight how it helps DART; stay posted!

Azure Sentinel

Intelligent security analytics for your entire enterprise.


Learn more

Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Changing security incident response by utilizing the power of the cloud—DART tools, techniques, and procedures: part 1 appeared first on Microsoft Security.

Microsoft Cloud Security solutions provide comprehensive cross-cloud protection

November 6th, 2019 No comments

The infrastructure, data, and apps built and run in the cloud are the foundational building blocks for a modern business. No matter where you are in your cloud journey, you likely utilize every layer of the cloud—from infrastructure as a service (IaaS) to platform as a service (PaaS) to software as a service (SaaS). You also may take advantage of services from several cloud and app providers. Many organizations operate a cross-cloud environment, but it can complicate security. A fragmented view of your cloud environment limits opportunities to holistically improve your security posture. It can also lead to missed threats and SecOps burnout.

To address these challenges, we provide a set of comprehensive Cloud Security solutions to protect every layer of the cloud—from Amazon Web Services (AWS) to Microsoft Azure (Azure) to Google Cloud Platform (GCP)—from Slack to Salesforce to your line of business apps.

Microsoft is in a unique position as a cloud provider and security vendor. We leverage global cloud-scale, trillions of signals and deep expertise to build industry-leading security solutions to protect cloud resources.

Our Cloud Security solutions can help you:

  • Realize integrated visibility and protection across clouds with Cloud Security Posture Management and Cloud Workload Protection Platform solutions.
  • Develop and secure your custom apps in the cloud with our Application Security services.
  • Monitor and control user activities and data across all your apps with our leading Cloud Access Security Broker (CASB).

Realize integrated visibility and protection across clouds

No matter which cloud services and apps you use, you need an all-inclusive view across all of them to protect your intellectual property and assets. You also need tools to help you block and mitigate threats. Cloud Security Posture Management and Cloud Workload Protection Platform are solutions that give you the visibility and capabilities to understand your cross-cloud environment and better secure it.

Cloud Security Posture Management

Azure Security Center continuously monitors your cross-cloud resources such as virtual machines, networks, applications, and data services. You can quickly assess your security posture with Secure Score, a feature of Security Center. Secure Score provides a numerical value for your current state and recommends actions. This scoring system offers best-practice guidance that can help prevent common misconfigurations—such as exposure of sensitive resources to the internet, lack of encryption, uninstalled updates, or a missing firewall for your cloud workloads.

Key benefits include:

  • A bird’s-eye security posture view.
  • Ability to continuously monitor and protect all your cross-cloud resources.
  • Best practice recommendations.
  • Visibility into the compliance state of your Azure environment.

Cloud Workload Protection Platform

Security Center doesn’t just evaluate your security posture, it also provides tools to help you reduce your attack surface. Using machine learning to process trillions of signals across from around the globe, Security Center alerts you of threats to your environments, such as remote desktop protocol (RDP), brute-force attacks, and SQL injections.

Protect Windows and Linux servers, cloud-native applications, data services, and your Azure IoT solutions from malicious threats. For every attack attempted or carried out, you receive a detailed report and recommendations for remediation.

Key benefits include the ability to:

  • Detect and block advanced malware and threats from Linux and Windows Servers on any cloud.
  • Protect cloud-native services from threats.
  • Protect data services against malicious attacks.

Protect your Azure IoT solution with near real-time monitoring.

Develop and secure your custom apps in the cloud

Application Security services

By uniting previously siloed roles of development, operations, security, and testing, DevOps has enabled faster application development. When you’re moving fast, it can be easy to miss a step that could make your apps vulnerable. Microsoft Application Security services offers operations and development tools that help you identify potential threats before you put your application in production. Best-practices documentation and the Secure DevOps toolkit help you build security into your apps.

Our Application Security services also help you secure your open source apps. GitHub can you help you secure your software supply chain and integrate security into your code-to-cloud workflows.

Key benefits include the ability to:

  • Build secure applications faster.
  • Protect every layer of your application.
  • Receive guidance to help you succeed.
  • Understand and secure your open source software supply chain.
  • Integrate security into your open source code-to-code workflows.

Monitor and control user activities and data across all your apps

Cloud Access Security Broker

Our internal data shows that in the average enterprise, users leverage more than 1,000 cloud apps and services, half of which go unmonitored by IT. The increasing number of apps—and the different ways users can access them—challenge IT departments to ensure secure access and protect the flow of critical data. Cloud Access Security Broker services are a new generation of solutions that give IT department tools to address these challenges.

Our leading Cloud Access Security Broker solution, Microsoft Cloud App Security, provides rich visibility into your shadow IT, enables you to identify and remediate cloud native attacks, and allows you to control how your data travels across all of your cloud apps—whether they’re from Microsoft or third-party applications. The solution integrates natively with other leading Security and Identity solutions from the broader Microsoft portfolio to provide you with the simplest deployment and powerful threat intelligence and powerful User and Entity Behavior Analytics (UEBA) to help you address the most modern attacks.

Key benefits include:

  • Centralized monitoring and control for all apps:
    • Discover and control shadow IT.
    • Identify and remediate cloud-native attacks.
    • Protect your information in real-time with powerful inline controls.
  • Built for a seamless admin and user experience:
    • Customizable automation capabilities.
    • Native integrations.
    • Optimized for a global workforce.

Microsoft Cloud App Security

Elevate your security posture by taking control of your cloud environment.


Start free trial

Learn more

Our Cloud Security solutions enable you to safeguard your cross-cloud resources.

The post Microsoft Cloud Security solutions provide comprehensive cross-cloud protection appeared first on Microsoft Security.

Further enhancing security from Microsoft, not just for Microsoft

November 4th, 2019 No comments

Legacy infrastructure. Bolted-on security solutions. Application sprawl. Multi-cloud environments. Company data stored across devices and apps. IT and security resource constraints. Uncertainty of where and when the next attack or leak will come, including from the inside. These are just a few of the things that keep our customers up at night.

When security is only as strong as your weakest link and your environments continue to expand, there’s little room for error. The challenge is real: in this incredibly complex world, you must prevent every attack, every time. Attackers must only land their exploit once. They have the upper hand. To get that control back, we must pair the power of your defenders and human intuition with artificial intelligence (AI) and machine learning that help cut through the noise, prioritize the work, and help you protect, detect, and respond smarter and faster.

Microsoft Threat Protection brings this level of control and security to the modern workplace by analyzing signal intelligence across identities, endpoints, data, cloud applications, and infrastructure.

Today, at the Microsoft Ignite Conference in Orlando, Florida, I’m thrilled to share the significant progress we’re making on delivering endpoint security from Microsoft, not just for Microsoft. The Microsoft Intelligent Security Association (MISA), formed just last year, has already grown to more than 80 members and climbing! These partnerships along with the invaluable feedback we get from our customers have positioned us as leaders in recent analyst reports, including Gartner’s Endpoint Protection Platform Magic Quadrant, Gartner’s Cloud Access Security Broker (CASB) Magic Quadrant and Forrester’s Endpoint Security Suites Wave and more.

As we continue to focus on delivering security innovation for our customers, we are:

  • Reducing the noise with Azure Sentinel—Generally available now, our cloud-native SIEM, Azure Sentinel, enables customers to proactively hunt for threats using the latest queries, see connections between threats with the investigation graph, and automate incident remediation with playbooks.
  • Discovering and controlling Shadow IT with Microsoft Cloud App Security and Microsoft Defender Advanced Threat Protection (ATP)—With a single click, you can discover cloud apps, detect and block risky apps, and coach users.
  • Enhancing hardware security with our partners—We worked across our partner ecosystem to offer stronger protections built into hardware with Secured-core PCs, available now and this holiday season.
  • Offering Application Guard container protection, coming to Office 365—In limited preview now, we will extend the same protections available in Edge today to Office 365.
  • Building automation into Office 365 Advanced Threat Protection for more proactive protection and increased visibility into the email attacker kill chain—We’re giving SecOps teams increased visibility into the attacker kill chain to better stop the spread of attacks by amplifying your ability to detect breaches through new enhanced compromise detection and response in Office 365 ATP, in public preview now. And later this year, we’re adding campaign views to allow security teams to see the full phish campaign and derive key insights for further protection and hunting.
  • Getting a little help from your friends—Sometimes you need another set of eyes, sometimes you need more advanced investigators. Available now, with the new experts on demand service, you can extend the capabilities of your security operations center (SOC) with additional help through Microsoft Defender ATP.
  • Improving your Secure Score—Back up the strength of your team with numbers. New enhancements in Secure Score will make it easier for you to understand, benchmark, and track your progress. We also added new planning capabilities that help you set goals and predict score improvements, and new CISO Metrics & Trends reports that show the impact your work is having on the health of your organization in real-time.
  • Taking another step in cross-platform protection—This month, we’re expanding our promise to offer protections beyond Windows with Enterprise Detection and Response for Apple Macs and Threat and Vulnerability Management for servers.

Microsoft Ignite

Join us online November 4–8, 2019 to livestream keynotes, watch selected sessions on-demand, and more.


Learn more

Infographic showing the Microsoft Intelligent Security Graph: unique insights, informed by trillions of signals from Outlook, OneDrive, Windows, Bing, Xbox Live, Azure, and Microsoft accounts.

There’s no way one person, or even one team, no matter how large could tackle this volume of alerts on a daily basis. The Microsoft Intelligent Security Graph, the foundation for our security solutions, processes 8.2 trillion signals every day. We ground our solutions in this intelligence and build in protections through automation that’s delivered through our cloud-powered solutions, evolving as the threat landscape does. Only this combination will enable us to take back control and deliver on a Zero Trust network with more intelligent proactive protection.

Here’s a bit more about some of the solutions shared above:

Discovering and controlling cloud apps natively on your endpoints

As the volume of cloud applications continues to grow, security and IT departments need more visibility and control to prevent Shadow IT. At last year’s Ignite, we announced the native integration of Microsoft Cloud App Security and Microsoft Defender ATP, which enables our Cloud Access Security Broker (CASB) to leverage the traffic information collected by the endpoint, regardless of the network from which users are accessing their cloud apps. This seamless integration gives security admins a complete view of cloud application and services usage in their organization.

At this year’s Ignite, we’re extending this capability, now in preview, with native access controls based on Microsoft Defender ATP network protection that allows you to block access to risky and non-complaint cloud apps. We also added the ability to coach users who attempt to access restricted apps and provide guidance on how to use cloud apps securely.

Building stronger protections starting with hardware

As we continue to build in stronger protections at the operating system level, we’ve seen attackers shift their techniques to focus on firmware—a near 5x increase in the last three years. That’s why we worked across our vast silicon and first- and third-party PC manufacturing partner ecosystem to build in stronger protections at the hardware level in what we call Secured-core PCs to protect against these kind of targeted attacks. Secured-core PCs combine identity, virtualization, operating system, hardware, and firmware protection to add another layer of security underneath the operating system.

Application Guard container protections coming to Office 365

Secured-core PCs deliver on the Zero Trust model, and we want to further build on those concepts of isolation and minimizing trust. That’s why I’m thrilled to share that the same hardware-level containerization we brought to the browser with Application Guard integrated with Microsoft Edge will be available for Office 365.

This year at Ignite, we are providing an early view of Application Guard capabilities integrated with Office 365 ProPlus. You will be able to open an untrusted Word, Excel, or PowerPoint file in a virtualized container. View, print, edit, and save changes to untrusted Office documents—all while benefiting from that same hardware-level security. If the untrusted file is malicious, the attack is contained and the host machine untouched. A new container is created every time you log in, providing a clean start as well as peace of mind.

When you want to consider the document “trusted,” files are automatically checked against the Microsoft Defender ATP threat cloud before they’re released. This integration with Microsoft Defender ATP provides admins with advanced visibility and response capabilities—providing alerts, logs, confirmation the attack was contained, and visibility into similar threats across the enterprise. To learn more or participate, see the Limited Preview Sign Up.

Automation and impact analysis reinvent Threat and Vulnerability Management

More than two billion vulnerabilities are detected every day by Microsoft Defender ATP and the included Threat and Vulnerability Management capabilities, and we’re adding even more capabilities to this solution.

Going into public preview this month, we have several enhancements, including: vulnerability assessment support for Windows Server 2008R2 and above; integration with Service Now to further improve the communication across IT and security teams; role-based access controls; advanced hunting across vulnerability data; and automated user impact analysis to give you the ability to simulate and test how a configuration change will impact users.

Automation in Office 365 ATP blocked 13.5 billion malicious emails this year

In September, we announced the general availability of Automated Incident Response, a new capability in Office 365 ATP that enables security teams to efficiently detect, investigate, and respond to security alerts. We’re building on that announcement, using the breadth of signals from the Intelligent Security Graph to amplify your ability to detect breaches through new enhanced compromise user detection and response capabilities in Office 365 ATP.

Now in public preview, the solution leverages the insights from mail flow patterns and Office 365 activities to detect impacted users and alert security teams. Automated playbooks then investigate those alerts, look for possible sources of compromise, assess impact, and make recommendations for remediation.

Campaign detections coming to Office 365 ATP

Attackers think in terms of campaigns. They continuously morph their email exploits by changing attributes like sending domains and IP addresses, payloads (URLs and attachments), and email templates attempting to evade detection. With campaign views in Office 365 ATP, you’ll be able to see the entire scope of the campaign targeted at your organization. This includes deep insights into how the protection stack held up against the attack—including where portions of the campaign might have gotten through due to tenant overrides thereby exposing users. This view helps you quickly identify configuration flaws, targeted users, and potentially comprised users to take corrective action and identify training opportunities. Security researchers will be able to use the full list of indicators of compromise involved in the campaign to go hunt further. This capability will be in preview by the end of the year.

Protection across platforms: enterprise detection and response (EDR) for Mac

Work doesn’t happen in just one place. We know that people use a variety of devices and apps from various locations throughout the day, taking business data with them along the way. That means more complexity and a larger attack surface to protect. Microsoft’s Intelligent Security Graph detects five billion threats on devices every month. To strengthen enterprise detection and response (EDR) capabilities for endpoints, we’re adding EDR capabilities to Microsoft Defender ATP for Mac, entering public preview this week. Moving forward, we plan to offer Microsoft Defender ATP for Linux servers, providing additional protection for our customers’ heterogeneous networks.

We understand the pressure defenders are under to keep pace with these evolving threats. We are grateful for the trust you’re putting in Microsoft to help ease the burdens on your teams and help focus your priority work.

Related links

The post Further enhancing security from Microsoft, not just for Microsoft appeared first on Microsoft Security.